Use correct archive paths with symlinks in live for letsencrypt

flyingscorpio@clevo 2023-01-20 14:52:15 +01:00
parent 22d541373a
commit 73c8ccb0ab


@ -18,8 +18,9 @@
group: root
mode: 0755
with_items:
- /etc/letsencrypt/archive
- /etc/letsencrypt/renewal
- /etc/letsencrypt/archive
- /etc/letsencrypt/archive/tunuifranken.info
- /etc/letsencrypt/live
- /etc/letsencrypt/live/tunuifranken.info
@ -44,13 +45,13 @@
- name: Create private key for challenge
become: true
community.crypto.openssl_privatekey:
path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
register: challenge_privkey
- name: Create csr for letsencrypt
become: true
community.crypto.openssl_csr_pipe:
privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
privatekey_path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
common_name: tunuifranken.info
register: csr
changed_when: challenge_privkey is changed
@ -68,7 +69,9 @@
terms_agreed: true
csr_content: "{{ csr.csr }}"
challenge: http-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
register: letsencrypt_challenge
- name: Copy http-01 resource
ansible.builtin.copy:
@ -84,7 +87,9 @@
account_key_content: "{{ account_privkey.privatekey }}"
csr_content: "{{ csr.csr }}"
challenge: http-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
data: "{{ letsencrypt_challenge }}"
when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
- name: Remove the http-01 resource
@ -106,7 +111,9 @@
terms_agreed: true
csr_content: "{{ csr.csr }}"
challenge: dns-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
register: letsencrypt_challenge
- name: Create dns-01 record
community.general.gandi_livedns:
@ -131,7 +138,9 @@
account_key_content: "{{ account_privkey.privatekey }}"
csr_content: "{{ csr.csr }}"
challenge: dns-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
data: "{{ letsencrypt_challenge }}"
when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
- name: Remove dns-01 record
@ -142,3 +151,15 @@
type: TXT
state: absent
when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
- name: Create symlinks for the certificate
become: true
ansible.builtin.file:
path: "/etc/letsencrypt/live/tunuifranken.info/{{ item.dest }}"
src: "/etc/letsencrypt/archive/tunuifranken.info/{{ item.src }}"
state: link
with_items:
- {src: cert1.pem, dest: cert.pem}
- {src: chain1.pem, dest: chain.pem}
- {src: fullchain1.pem, dest: fullchain.pem}
- {src: privkey1.pem, dest: privkey.pem}
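Review bot: The new "Create symlinks for the certificate" task will fail on any host that already ran the previous revision, because `privkey.pem` and `fullchain.pem` were written into `/etc/letsencrypt/live/tunuifranken.info/` as regular files and `ansible.builtin.file` with `state: link` refuses to replace a regular file unless `force: true` is set. Add `force: true` to that task, or remove the two old files in a task before it, so the old private key does not stay behind in live/ while a new one is generated at `archive/tunuifranken.info/privkey1.pem`. Separately, the directory loop in the first hunk applies `mode: 0755` to the archive and live directories, which now hold `privkey1.pem`. Certbot's own layout keeps both at 0700, so `mode: "0700"` on those entries would be the closer match, assuming no unprivileged service has to traverse them.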